Risk-Aware SDN Defense Framework Against Anti-Honeypot Attacks Using Safe Reinforcement Learning

IF 1.5 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Dongying Gao, Caiwei Guo, Yi Zhang, Wen Ji, Zhilei Lv, Zheng Li, Kunsan Zhang, Ruibin Lin
{"title":"Risk-Aware SDN Defense Framework Against Anti-Honeypot Attacks Using Safe Reinforcement Learning","authors":"Dongying Gao,&nbsp;Caiwei Guo,&nbsp;Yi Zhang,&nbsp;Wen Ji,&nbsp;Zhilei Lv,&nbsp;Zheng Li,&nbsp;Kunsan Zhang,&nbsp;Ruibin Lin","doi":"10.1002/nem.2297","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The development of multiple attack methods by external attackers in recent years poses a huge challenge to the security and efficient operation of software-defined networks (SDN), which are the core of operational controllers and data storage. Therefore, it is critical to ensure that the normal process of network interaction between SDN servers and users is protected from external attacks. In this paper, we propose a risk-aware SDN defense framework based on safe reinforcement learning (SRL) to counter multiple attack actions. Specifically, the defender uses SRL to maximize the utility by choosing to provide a honeypot service or pseudo-honeypot service within predefined security constraints, while the external attacker maximizes the utility by choosing an anti-honeypot attack or masquerade attack. To describe the system risk in detail, we introduce the risk level function to model the simultaneous dynamic attack and defense processes. Simulation results demonstrate that our proposed risk-aware scheme improves the defense utility by 17.5% and 142.4% and reduces the system risk by 42.7% and 59.6% compared to the QLearning scheme and the Random scheme, respectively.</p>\n </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"34 6","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Network Management","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/nem.2297","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The development of multiple attack methods by external attackers in recent years poses a huge challenge to the security and efficient operation of software-defined networks (SDN), which are the core of operational controllers and data storage. Therefore, it is critical to ensure that the normal process of network interaction between SDN servers and users is protected from external attacks. In this paper, we propose a risk-aware SDN defense framework based on safe reinforcement learning (SRL) to counter multiple attack actions. Specifically, the defender uses SRL to maximize the utility by choosing to provide a honeypot service or pseudo-honeypot service within predefined security constraints, while the external attacker maximizes the utility by choosing an anti-honeypot attack or masquerade attack. To describe the system risk in detail, we introduce the risk level function to model the simultaneous dynamic attack and defense processes. Simulation results demonstrate that our proposed risk-aware scheme improves the defense utility by 17.5% and 142.4% and reduces the system risk by 42.7% and 59.6% compared to the QLearning scheme and the Random scheme, respectively.

Abstract Image

利用安全强化学习对抗反蜜罐攻击的风险意识 SDN 防御框架
近年来,外部攻击者开发出多种攻击手段,对作为运行控制器和数据存储核心的软件定义网络(SDN)的安全和高效运行提出了巨大挑战。因此,确保 SDN 服务器与用户之间正常的网络交互过程免受外部攻击至关重要。本文提出了一种基于安全强化学习(SRL)的风险感知 SDN 防御框架,以应对多种攻击行为。具体来说,防御者利用 SRL 在预定义的安全约束条件下选择提供蜜罐服务或伪蜜罐服务,从而实现效用最大化;而外部攻击者则通过选择反蜜罐攻击或伪装攻击来实现效用最大化。为了详细描述系统风险,我们引入了风险等级函数来模拟同时进行的动态攻击和防御过程。仿真结果表明,与 QLearning 方案和随机方案相比,我们提出的风险感知方案分别提高了 17.5% 和 142.4% 的防御效用,降低了 42.7% 和 59.6% 的系统风险。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
International Journal of Network Management
International Journal of Network Management COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS
CiteScore
5.10
自引率
6.70%
发文量
25
审稿时长
>12 weeks
期刊介绍: Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信